queryutils.jsonparser

queryutils.jsonparser.get_json_files(dir, limit=1048576000)

Return a list of the full paths to each of the .json files in a directory.

Parameters:
  • dir (str) – The path to the directory to check
  • limit (int) – The approximate number of bytes to read in (for testing)
Return type: list

queryutils.jsonparser.get_users_from_directory(limit=52428800)

Return a generator over user objects and their queries from the given directory.

The directory is assumed to contain a list of .json files, each of which is assumed to adhere to the format expected by get_users_from_file.

Parameters: limit (int) – The approximate number of bytes to read in (for testing)
Return type: generator

queryutils.jsonparser.get_users_from_file(filename)

Return a generator over user objects and their queries from the given file.

It is assumed that the file will contain a list of results in JSON format. Each result is a dictionary with an assumed set of keys. This is the format that corresponds to Version.FORMAT_2012.

Parameters: filename (str) – The path to the .json file containing the queries
Return type: generator

queryutils.jsonparser.is_error(splunk_record_key)

Return True if the given string is an error key.

Parameters: splunk_record_key (str) – The string to check
Return type: bool

Return True if the given string is a search key.

Parameters: key (splunk_record) – The string to check
Return type: bool

queryutils.jsonparser.is_search_length(splunk_record_key)

Return True if the given string is a search length key.

Parameters: splunk_record_key (str) – The string to check
Return type: bool

queryutils.jsonparser.is_search_range(splunk_record_key)

Return True if the given string is a range key.

Parameters: splunk_record_key (str) – The string to check
Return type: bool

queryutils.jsonparser.is_search_type(splunk_record_key)

Return True if the given string is a search type key.

Parameters: splunk_record_key (str) – The string to check
Return type: bool

queryutils.jsonparser.load_and_combine_data_from_json(jsonfiles)

Return all the data in a list of .json files in a big list.

Parameters: jsonfiles (list) – The paths to the .json files
Return type: list or dict

queryutils.jsonparser.load_data_from_json(jsonfile)

Load the data contained in a .json file and return the corresponding Python object.

Parameters: jsonfile (str) – The path to the .json file
Return type: list or dict

queryutils.jsonparser.print_parseable_searches(jsonfiles)

Print all the parseable searches contained in a set of files containing Splunk results.

Parameters: jsonfiles (list) – A list of .json files
Return type: None

queryutils.jsonparser.print_searches(splunk_results)

Print all the searches contained in a set of files containing Splunk results.

Parameters: splunk_results (list) – A list of .json files
Return type: None

queryutils.jsonparser.put_json_files(iterable, prefix, encoder=<class 'json.encoder.JSONEncoder'>, limit=10485760)

Write out a list of .json files with the data in the given iterable.

TODO: Delete me.

Parameters:
  • iterable (iterable) – A list or other iterable containing items to encode
  • prefix (str) – The prefix to name each of the files with (files will be named e.g., prefix.1, prefix.2, etc.)
  • encoder (json.JSONEncoder) – The encoder object that knows how to encode the items in iterable
  • limit (int) – The approximate number of bytes to read in (for testing)

queryutils.jsonparser.splunk_result_iter(jsonfiles)

Yield the Splunk result dicts from the given .json files.

Parameters: jsonfiles (list) – A list of .json files
Return type: generator

queryutils.jsonparser.splunk_result_record_iter(jsonfiles)

Yield the Splunk result dicts from the list of .json files.

Parameters: jsonfiles (list) – A list of .json files
Return type: generator